Solved

Securing Remote Computers Accessing Office Computers Via Remote Web Workplace

Posted on 2012-03-12
3
947 Views
Last Modified: 2012-03-13
I have a client with a Windows SBS 2008 server that is providing access to the office computers, for those who have a computer in the office, and to the Windows 2008 Terminal Server, for those who do not have a computer in the office.

Some people have company laptops that they take home, some people work on compnay desktops at remote offices and some people work from home using their personal computers.

I am worried about the people working from home using their personal computers. My concern is that they can have or they could get a key logger malware app on their home computers that reports back the Remote Web Workplace URL, their usernames and their passwords. The Remote Web Workplace URL and the user’s login info would give the malware writer/operator access to the company’s data, not unlike how bank accounts and online gaming accounts often get cracked.

I am looking for a solution to secure access to the office network via Remote Web Workplace in such a way that I do not have to install any software on the home user’s personal computers.
0
Comment
Question by:wmtrader
3 Comments
 
LVL 25

Accepted Solution

by:
Tony1044 earned 500 total points
ID: 37708950
The simplest solution here I think would be two-factor authentication.

This gives your users a token of some kind and is based around something that they know (their password and maybe a PIN they append to their token code) and something they have - i.e. a physical token of some kind.

There are physical solutions, such as the SafeWord products (I've had a preference for these over the years, as they tend to be cheaper than say RSA, don't die like some [some have a 'death date' after whichthey stop functioning] and can be more easily integrated into the infrastructure for just some users).

Other alternatives include SMS based options whereby a one time use code is sent to a users registered mobile phone.

Either kind of mechanism will negate keyloggers' because the end point log won't include anything useful about the 2nd one-time-use factor.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 37711964
I agree that two-factor authentication would mitigate your concern. However, many two-factor mechanisms don't work well with RWW because of how that feature is designed, I recommend RWWGuard from Scorpionsoft.  Written by a Microsoft Security MVP, designed for RWW/RWA, and a large SBS support base, it has a lot of traction in the marketplace.

-Cliff
0
 

Author Closing Comment

by:wmtrader
ID: 37714144
I went with the two-factor authentication and I found 2 solutions that work with Win SBS 2011 RWW that I'll be testing, SafeWord from SafeNet Inc and AuthAnvil from Scorpion Software.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now